Computer is playing Ads/Tv Stream in the background


  • This topic is locked
15 replies to this topic

#1 kero01930

  • Members
  • 9 posts
  • OFFLINE
  • Local time:10:40 AM

Posted 03 January 2014 - 03:58 PM

My computer restarted this morning; I thought I had just overheated my graphics card (the fans kicked on loud at reboot). When I rebooted I turned Skype back on and I kept hearing audio in the background, sounding like an auto-play ad. Couldn't find one. In my sound mixer I saw "Name Not Available" was responsible for the audio.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.16722
Run by Me at 14:48:51 on 2014-01-03
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.8183.4858 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\Codec\Codec.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Derek\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe
C:\Users\Derek\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\TechSmith\Snagit 11\TSCHelp.exe
C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\TechSmith\Snagit 11\snagiteditor.exe
C:\Windows\splwow64.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.daum.net/
uSearchURL,(Default) = hxxp://search.daum.net/search?nil_profile=ie&ref_code=ms&q=%s
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: CmjBrowserHelperObject Object: {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [AdobeBridge] <no file>
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
dRun: [Amazon] rundll32.exe "C:\Users\Derek\AppData\Local\AOL\Amazon\wrivsk.dll",UI_processW
StartupFolder: C:\Users\Derek\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Derek\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - <no file>
IE: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send Image To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/201
IE: Send Link To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/203
IE: Send Page To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/204
IE: Send Text To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/202
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: NameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{1E26A974-FFED-41B0-8F10-668A860EF875} : DHCPNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{2C778731-9B73-4A45-8F83-69935B7BC6EB} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{AB3C97B0-E95F-486C-BAC9-3D35A1B1B370} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\MP3 Skype Recorder\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB} - C:\Program Files (x86)\Mindjet\MindManager 10\sys\MmInternetExplorerActiveSetup.vbs
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: GoToAssist Express Customer - C:\Program Files (x86)\Citrix\GoToAssist Express Customer\223\g2ax_winlogonx64.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\m9n5i4sv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.http - 190.24.142.18
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\m9n5i4sv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\m9n5i4sv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\m9n5i4sv.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit-3.5.dll
FF - component: C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\m9n5i4sv.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit-3.6.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Users\Derek\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Derek\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Derek\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Derek\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Derek\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Derek\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2012-08-02 21:29; 501b34332910a@501b3433291ad.info; C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\m9n5i4sv.default\extensions\501b34332910a@501b3433291ad.info
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;C:\Windows\System32\drivers\eubakup.sys [2011-5-8 36232]
R0 EUBKMON;EUBKMON;C:\Windows\System32\drivers\EUBKMON.sys [2011-5-8 42888]
R0 EUFS;EUFS;C:\Windows\System32\drivers\eufs.sys [2011-5-8 26504]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-29 55856]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2010-9-10 25312]
R1 asdrm;asdrm;C:\Windows\System32\drivers\asdrm.sys [2013-6-10 18768]
R1 EUDSKACS;EUDSKACS;C:\Windows\System32\drivers\eudskacs.sys [2011-5-8 17800]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-9-21 239616]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System;C:\Windows\System32\drivers\asdrs.sys [2013-6-10 23376]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2013-6-8 739400]
R2 asdws;AnviSmartDefender Web Guard;C:\Windows\System32\drivers\asdws.sys [2013-6-10 17232]
R2 EASEUS Agent;EASEUS Agent;C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe [2011-5-8 56200]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-11-29 304464]
R2 PenCommService;Livescribe Smartpen Service;C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [2010-10-18 457728]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-11-5 1153368]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R3 appliandMP;appliandMP;C:\Windows\System32\drivers\appliand.sys [2010-6-24 33888]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
R3 EUDISK;EASEUS Disk Enumerator;C:\Windows\System32\drivers\eudisk.sys [2011-5-8 193928]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704]
R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-11-29 24664]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-26 239616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-8 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 WSWNA3100;WSWNA3100;C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2010-9-10 278528]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 appliand;Applian Network Service;C:\Windows\System32\drivers\appliand.sys [2010-6-24 33888]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2010-9-10 838136]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-3-26 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-3-26 79360]
S3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-3-26 230424]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-3-26 230424]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-3-26 1445912]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-3-26 1445912]
S3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-3-26 95256]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-3-26 95256]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-3-29 1038088]
S3 GoToAssist Express Customer;GoToAssist Express Customer;C:\Program Files (x86)\Citrix\GoToAssist Express Customer\223\g2ax_service.exe [2010-3-26 161144]
S3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2010-3-26 1604632]
S3 LGDDCDevice;LGDDCDevice;C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [2010-3-26 14336]
S3 LGII2CDevice;LGII2CDevice;C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [2010-3-26 18432]
S3 P1764;Sound Blaster Audigy;C:\Windows\System32\drivers\P1764.SYS [2005-7-7 1579008]
S3 PulseUsb;Livescribe Smartpen USB Driver;C:\Windows\System32\drivers\PulseUsb.sys [2010-10-18 26112]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-3-26 1276928]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-30 1255736]
S4 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2010-7-17 90352]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
.
=============== File Associations ===============
.
.txt: <filetype is not registered>
ShellExec: SC2Editor.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Editor.exe" "%1"
ShellExec: SC2Switcher.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Switcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-01-03 20:40:52 -------- d-sh--w- C:\$RECYCLE.BIN
2014-01-03 20:32:58 -------- d-s---w- C:\ComboFix
2014-01-03 18:50:04 98816 ----a-w- C:\Windows\sed.exe
2014-01-03 18:50:04 256000 ----a-w- C:\Windows\PEV.exe
2014-01-03 18:50:04 208896 ----a-w- C:\Windows\MBR.exe
2014-01-03 18:19:42 -------- d-----w- C:\Windows\ERUNT
2014-01-03 18:03:36 -------- d-----w- C:\AdwCleaner
2014-01-03 08:45:41 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D7431679-E928-47AC-AEE0-71DAA5A9AD61}\mpengine.dll
2013-12-31 01:54:42 -------- d-----w- C:\Program Files (x86)\WoWModelViewer
.
==================== Find3M  ====================
.
2013-11-19 09:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 14:49:58.88 ===============


Edited by kero01930, 03 January 2014 - 04:01 PM.



#2 kero01930

  • Topic Starter
  • Members
  • 9 posts
  • OFFLINE
  • Local time:10:40 AM

Posted 03 January 2014 - 09:16 PM

I'm not sure what the protocol is for bumping threads on this forum. I tried looking at the rules/preparation thread and didn't see anything. Not getting antsy... just don't want my thread to get buried!



#3 kero01930

  • Topic Starter
  • Members
  • 9 posts
  • OFFLINE
  • Local time:10:40 AM

Posted 04 January 2014 - 03:17 PM

Bump. Edit: not sure if this is a symptom of the problem, but my internet connection has been terrible today: 500-900 ms on games I play. Constant disconnects. I can't seem to access any Google product now (Gmail/YouTube/Google), although I can access Google from my phone, but not from any computer on my network. And I can also access other sites, except Google products.


Edited by kero01930, 04 January 2014 - 03:31 PM.


#4 kero01930

  • Topic Starter
  • Members
  • 9 posts
  • OFFLINE
  • Local time:10:40 AM

Posted 06 January 2014 - 01:21 PM

Bump



#5 HelpBot

  • Bleepin' Binary Bot
  • Bots
  • 12,699 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:40 PM

Posted 08 January 2014 - 04:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/519529 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#6 kero01930

  • Topic Starter
  • Members
  • 9 posts
  • OFFLINE
  • Local time:10:40 AM

Posted 08 January 2014 - 06:12 PM

I still need help. Since my first post I googled around and tried to troubleshoot. Some people had similar issues, so I tried following their process. I started a ComboFix scan; after the restart it got stuck on generating the report. Then my computer restarted (thanks to the problem). I googled some more and realized how ComboFix can be fairly dangerous without knowledge of how it works, so I decided not to move any further.

 

Computer is still playing ads if I don't mute it in the mixer. It also gives me a very heavy load: my CPU usage is usually at 60-100% with just one browser tab open, and physical memory is usually lower but spikes too. Internet speeds have been completely terrible. Not fully sure if this is a symptom or not, though, because we've had a few snow storms.


Updated DDS Log:


DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.16722
Run by ME at 17:10:11 on 2014-01-08
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.8183.5192 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\Codec\Codec.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Derek\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
C:\Users\Derek\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\TechSmith\Snagit 11\TSCHelp.exe
C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe
C:\Program Files (x86)\TechSmith\Snagit 11\snagiteditor.exe
C:\Windows\splwow64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\taskhost.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.daum.net/
uSearchURL,(Default) = hxxp://search.daum.net/search?nil_profile=ie&ref_code=ms&q=%s
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: CmjBrowserHelperObject Object: {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [AdobeBridge] <no file>
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
dRun: [Amazon] rundll32.exe "C:\Users\Derek\AppData\Local\AOL\Amazon\wrivsk.dll",UI_processW
StartupFolder: C:\Users\Derek\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Derek\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - <no file>
IE: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send Image To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/201
IE: Send Link To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/203
IE: Send Page To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/204
IE: Send Text To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/202
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: NameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{1E26A974-FFED-41B0-8F10-668A860EF875} : DHCPNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{2C778731-9B73-4A45-8F83-69935B7BC6EB} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{AB3C97B0-E95F-486C-BAC9-3D35A1B1B370} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\MP3 Skype Recorder\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB} - C:\Program Files (x86)\Mindjet\MindManager 10\sys\MmInternetExplorerActiveSetup.vbs
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: GoToAssist Express Customer - C:\Program Files (x86)\Citrix\GoToAssist Express Customer\223\g2ax_winlogonx64.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\m9n5i4sv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.http - 190.24.142.18
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\m9n5i4sv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\m9n5i4sv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\m9n5i4sv.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit-3.5.dll
FF - component: C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\m9n5i4sv.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit-3.6.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Users\Derek\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Derek\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Derek\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Derek\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Derek\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Derek\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2012-08-02 21:29; 501b34332910a@501b3433291ad.info; C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\m9n5i4sv.default\extensions\501b34332910a@501b3433291ad.info
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;C:\Windows\System32\drivers\eubakup.sys [2011-5-8 36232]
R0 EUBKMON;EUBKMON;C:\Windows\System32\drivers\EUBKMON.sys [2011-5-8 42888]
R0 EUFS;EUFS;C:\Windows\System32\drivers\eufs.sys [2011-5-8 26504]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-29 55856]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2010-9-10 25312]
R1 asdrm;asdrm;C:\Windows\System32\drivers\asdrm.sys [2013-6-10 18768]
R1 EUDSKACS;EUDSKACS;C:\Windows\System32\drivers\eudskacs.sys [2011-5-8 17800]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-9-21 239616]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System;C:\Windows\System32\drivers\asdrs.sys [2013-6-10 23376]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2013-6-8 739400]
R2 asdws;AnviSmartDefender Web Guard;C:\Windows\System32\drivers\asdws.sys [2013-6-10 17232]
R2 EASEUS Agent;EASEUS Agent;C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe [2011-5-8 56200]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-11-29 304464]
R2 PenCommService;Livescribe Smartpen Service;C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [2010-10-18 457728]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-11-5 1153368]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R3 appliandMP;appliandMP;C:\Windows\System32\drivers\appliand.sys [2010-6-24 33888]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
R3 EUDISK;EASEUS Disk Enumerator;C:\Windows\System32\drivers\eudisk.sys [2011-5-8 193928]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704]
R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-11-29 24664]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-26 239616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-8 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 WSWNA3100;WSWNA3100;C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2010-9-10 278528]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 appliand;Applian Network Service;C:\Windows\System32\drivers\appliand.sys [2010-6-24 33888]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2010-9-10 838136]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-3-26 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-3-26 79360]
S3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-3-26 230424]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-3-26 230424]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-3-26 1445912]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-3-26 1445912]
S3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-3-26 95256]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-3-26 95256]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-3-29 1038088]
S3 GoToAssist Express Customer;GoToAssist Express Customer;C:\Program Files (x86)\Citrix\GoToAssist Express Customer\223\g2ax_service.exe [2010-3-26 161144]
S3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2010-3-26 1604632]
S3 LGDDCDevice;LGDDCDevice;C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [2010-3-26 14336]
S3 LGII2CDevice;LGII2CDevice;C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [2010-3-26 18432]
S3 P1764;Sound Blaster Audigy;C:\Windows\System32\drivers\P1764.SYS [2005-7-7 1579008]
S3 PulseUsb;Livescribe Smartpen USB Driver;C:\Windows\System32\drivers\PulseUsb.sys [2010-10-18 26112]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-3-26 1276928]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-30 1255736]
S4 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2010-7-17 90352]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
.
=============== File Associations ===============
.
.txt: <filetype is not registered>
ShellExec: SC2Editor.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Editor.exe" "%1"
ShellExec: SC2Switcher.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Switcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-01-08 19:40:51 -------- d-----w- C:\Windows\System32\wbem\Framework\root\OpenHardwareMonitor
2014-01-08 19:40:51 -------- d-----w- C:\Windows\System32\wbem\Framework\root
2014-01-08 19:40:51 -------- d-----w- C:\Windows\System32\wbem\Framework
2014-01-03 20:40:52 -------- d-sh--w- C:\$RECYCLE.BIN
2014-01-03 20:32:58 -------- d-s---w- C:\ComboFix
2014-01-03 18:50:04 98816 ----a-w- C:\Windows\sed.exe
2014-01-03 18:50:04 256000 ----a-w- C:\Windows\PEV.exe
2014-01-03 18:50:04 208896 ----a-w- C:\Windows\MBR.exe
2014-01-03 18:19:42 -------- d-----w- C:\Windows\ERUNT
2014-01-03 18:03:36 -------- d-----w- C:\AdwCleaner
2014-01-03 08:45:41 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D7431679-E928-47AC-AEE0-71DAA5A9AD61}\mpengine.dll
2013-12-31 01:54:42 -------- d-----w- C:\Program Files (x86)\WoWModelViewer
.
==================== Find3M  ====================
.
2013-11-19 09:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 17:11:40.05 ===============

Attached Files


Edited by kero01930, 08 January 2014 - 06:13 PM.


#7 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:40 PM

Posted 08 January 2014 - 08:39 PM

Hello, kero01930.
My name is etavares and I will be helping you with this log.
 
Here are some guidelines to ensure we are able to get your machine back under your control.
 
  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

    Step 1

    Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Plug the flash drive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

    Select Command Prompt

    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter.
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    etavares


    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Unified Network of Instructors and Trusted Eliminators
     


    #8 kero01930

    kero01930
    • Topic Starter

    • Members
    • 9 posts
    • OFFLINE
    • Local time:10:40 AM

    Posted 08 January 2014 - 09:23 PM

    -edit- Ignore that, if you saw it. I got it working. It's running right now.


    Edited by kero01930, 08 January 2014 - 09:27 PM.


    #9 kero01930

    kero01930
    • Topic Starter

    • Members
    • 9 posts
    • OFFLINE
    • Local time:10:40 AM

    Posted 08 January 2014 - 09:31 PM

    Here's the log!
     
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-01-2014 01
    Ran by SYSTEM on MININT-NH4AE8G on 08-01-2014 20:28:22
    Running from F:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Recovery
     
    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
     
     
    ==================== Registry (Whitelisted) ==================
     
    HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] - [x]
    HKLM-x32\...\Run: [P17RunE] - C:\Windows\\SysWOW64\P17RunE.dll [14848 2008-03-28] (Creative Technology Ltd.)
    HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
    Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Express Customer\223\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    HKU\Derek\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-03-27] (Google Inc.)
    HKU\Derek\...\Run: [AdobeBridge] - [x]
    HKU\Derek\...\Run: [Spotify Web Helper] - C:\Users\Derek\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-05] (Spotify Ltd)
    Startup: C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk ->  (No File)
     
    ==================== Services (Whitelisted) =================
     
    S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [288112 2009-06-08] (Adobe Systems Incorporated)
    S2 asdsrv; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [739400 2013-06-07] (Anvisoft)
    S2 EASEUS Agent; C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe [56200 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd)
    S2 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [451904 2009-08-19] ()
    S3 GoToAssist Express Customer; C:\Program Files (x86)\Citrix\GoToAssist Express Customer\223\g2ax_service.exe [161144 2010-03-26] (Citrix Online, a division of Citrix Systems, Inc.)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [304464 2010-04-29] (Malwarebytes Corporation)
    S4 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [90352 2009-04-26] (PC Pitstop LLC)
    S2 PenCommService; C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [457728 2010-10-18] (Livescribe)
    S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-02] ()
    S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    S3 wampapache; c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe [20549 2010-12-31] (Apache Software Foundation)
    S3 wampmysqld; c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe [8133120 2010-12-31] ()
    S2 WinVNC4; C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe [439632 2008-10-15] (RealVNC Ltd.)
    S2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [278528 2010-01-12] ()
     
    ==================== Drivers (Whitelisted) ====================
     
    S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2010-06-24] (Applian Technologies Inc.)
    S3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2010-06-24] (Applian Technologies Inc.)
    S1 asdrm; C:\Windows\System32\DRIVERS\asdrm.sys [18768 2012-11-06] (Anvisoft)
    S2 asdrs; C:\Windows\system32\DRIVERS\asdrs.sys [23376 2012-11-06] (Anvisoft)
    S2 asdws; C:\Windows\system32\DRIVERS\asdws.sys [17232 2012-11-06] ()
    S0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [42888 2011-04-22] ()
    S3 EUDISK; C:\Windows\system32\drivers\eudisk.sys [193928 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd)
    S0 EUFS; C:\Windows\System32\drivers\eufs.sys [26504 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd)
    S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)
    S3 LGDDCDevice; C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [14336 2009-04-24] ()
    S3 LGII2CDevice; C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [18432 2009-04-24] ()
    S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-06] ()
    S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-06] ()
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24664 2010-04-29] (Malwarebytes Corporation)
    S3 PulseUsb; C:\Windows\System32\DRIVERS\PulseUsb.sys [26112 2010-10-18] (Windows ® Win 7 DDK provider)
    S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    S3 catchme; \??\C:\ComboFix\catchme.sys [x]
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    ==================== One Month Created Files and Folders ========
     
    2014-01-08 20:28 - 2014-01-08 20:28 - 00000000 ____D C:\FRST
    2014-01-08 18:05 - 2014-01-08 18:05 - 01931770 _____ (Farbar) C:\Users\Derek\Downloads\FRST64.exe
    2014-01-08 15:09 - 2014-01-08 15:10 - 00688992 ____R (Swearware) C:\Users\Derek\Downloads\dds (1).com
    2014-01-08 11:40 - 2014-01-08 11:40 - 00000000 ____D C:\Users\Derek\Downloads\openhardwaremonitor-v0.6.0-beta
    2014-01-08 11:39 - 2014-01-08 11:39 - 00526371 _____ C:\Users\Derek\Downloads\openhardwaremonitor-v0.6.0-beta.zip
    2014-01-08 09:52 - 2014-01-08 09:52 - 00000461 _____ C:\Users\Derek\Desktop\micro_continuity.txt
    2014-01-06 12:16 - 2014-01-06 12:16 - 00000168 _____ C:\Users\Derek\Desktop\colors_messing.txt
    2014-01-06 12:16 - 2014-01-06 12:16 - 00000037 _____ C:\Users\Derek\Desktop\more_colors.txt
    2014-01-06 10:21 - 2014-01-06 12:06 - 00000000 ____D C:\Users\Derek\Desktop\WL_NewDesign
    2014-01-05 16:56 - 2014-01-05 16:56 - 00000000 ____D C:\Users\Derek\Desktop\legion
    2014-01-04 14:35 - 2014-01-04 14:35 - 00000041 _____ C:\Users\Derek\Desktop\opensans-regular.css
    2014-01-04 14:31 - 2014-01-04 14:31 - 00001198 _____ C:\Users\Derek\Desktop\content.php
    2014-01-04 14:25 - 2014-01-04 14:25 - 00000433 _____ C:\Users\Derek\Desktop\bebas.css
    2014-01-04 14:19 - 2014-01-04 14:19 - 00000000 ____D C:\Users\Derek\Downloads\open-sans-fontfacekit
    2014-01-04 14:16 - 2014-01-04 14:16 - 01850986 _____ C:\Users\Derek\Downloads\open-sans-fontfacekit.zip
    2014-01-03 19:21 - 2014-01-03 23:10 - 28030461 _____ C:\Users\Derek\Desktop\WL_background.psd
    2014-01-03 14:03 - 2014-01-03 14:04 - 140179784 _____ C:\Users\Derek\Downloads\2986-photoshop-brushes.zip
    2014-01-03 13:58 - 2014-01-03 13:58 - 06045331 _____ C:\Users\Derek\Downloads\stroke-icons.zip
    2014-01-03 12:53 - 2014-01-03 12:53 - 00006080 _____ C:\Users\Derek\Desktop\attach.zip
    2014-01-03 12:50 - 2014-01-08 15:11 - 00024745 _____ C:\Users\Derek\Desktop\dds.txt
    2014-01-03 12:50 - 2014-01-08 15:11 - 00020024 _____ C:\Users\Derek\Desktop\attach.txt
    2014-01-03 12:47 - 2014-01-03 12:48 - 00688992 ____R (Swearware) C:\Users\Derek\Downloads\dds.com
    2014-01-03 12:32 - 2014-01-03 12:39 - 00000000 ___SD C:\ComboFix
    2014-01-03 10:50 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
    2014-01-03 10:50 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
    2014-01-03 10:50 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-01-03 10:50 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-01-03 10:50 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-01-03 10:50 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
    2014-01-03 10:50 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
    2014-01-03 10:50 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
    2014-01-03 10:49 - 2014-01-03 11:20 - 00000000 ____D C:\Windows\erdnt
    2014-01-03 10:49 - 2014-01-03 10:49 - 00000000 ____D C:\Qoobox
    2014-01-03 10:48 - 2014-01-03 10:48 - 05160282 ____R (Swearware) C:\Users\Derek\Desktop\ComboFix.exe
    2014-01-03 10:47 - 2014-01-03 10:47 - 05160282 _____ (Swearware) C:\Users\Derek\Downloads\ComboFix.exe
    2014-01-03 10:45 - 2014-01-03 10:45 - 01036305 _____ (Thisisu) C:\Users\Derek\Downloads\JRT (1).exe
    2014-01-03 10:45 - 2014-01-03 10:45 - 00005622 _____ C:\Users\Derek\Desktop\JRT.txt
    2014-01-03 10:19 - 2014-01-03 10:19 - 01036305 _____ (Thisisu) C:\Users\Derek\Downloads\JRT.exe
    2014-01-03 10:19 - 2014-01-03 10:19 - 00000000 ____D C:\Windows\ERUNT
    2014-01-03 10:03 - 2014-01-03 10:07 - 00000000 ____D C:\AdwCleaner
    2014-01-03 10:01 - 2014-01-03 10:01 - 01233962 _____ C:\Users\Derek\Downloads\AdwCleaner.exe
    2014-01-03 09:32 - 2014-01-03 09:32 - 00037376 _____ C:\Windows\System32\pbzwpy.cwe
    2014-01-03 09:22 - 2014-01-08 17:46 - 00000086 _____ C:\Windows\System32\monqqrp.ewo
    2014-01-03 09:22 - 2014-01-03 09:32 - 00000099 _____ C:\Windows\System32\sjnfejj.wbk
    2014-01-03 09:22 - 2014-01-03 09:22 - 00000064 _____ C:\Windows\System32\jfaygp.ljh
    2014-01-03 09:00 - 2014-01-03 09:00 - 00219314 ____S C:\Windows\System32\wlifvjg.zri
    2014-01-01 20:51 - 2014-01-01 20:51 - 00678139 _____ C:\Users\Derek\Desktop\guide_nav_buttons.psd
    2013-12-31 02:22 - 2013-12-31 02:22 - 00274592 _____ C:\Windows\Minidump\123113-21312-01.dmp
    2013-12-30 17:54 - 2013-12-30 17:54 - 00001089 _____ C:\Users\Derek\Desktop\WoW Model Viewer.lnk
    2013-12-30 17:54 - 2013-12-30 17:54 - 00000000 ____D C:\Program Files (x86)\WoWModelViewer
    2013-12-30 17:53 - 2013-12-30 17:53 - 03387258 _____ C:\Users\Derek\Downloads\WMV_Installer_v0706.exe
    2013-12-30 17:52 - 2013-12-30 17:52 - 06876160 _____ C:\Users\Derek\Downloads\WMV_Installer_v0703_Win32.msi
    2013-12-27 18:58 - 2013-12-27 18:58 - 00056951 _____ C:\Users\Derek\Desktop\sensi_tive_menu2.psd
    2013-12-27 11:19 - 2013-12-27 11:25 - 00001097 _____ C:\Users\Public\Desktop\StarCraft II.lnk
    2013-12-27 11:16 - 2013-12-27 11:16 - 54085656 _____ (Blizzard Entertainment) C:\Users\Derek\Downloads\StarCraft-II-Setup-enUS.exe
    2013-12-27 11:16 - 2013-12-27 11:16 - 54085656 _____ (Blizzard Entertainment) C:\Users\Derek\Downloads\StarCraft-II-Setup-enUS (1).exe
    2013-12-26 17:49 - 2013-12-27 12:39 - 00046109 _____ C:\Users\Derek\Desktop\sensi_tive_menu.psd
    2013-12-24 13:36 - 2013-12-24 13:36 - 00057060 _____ C:\Users\Derek\Downloads\[kickass.to]planes.2013.brrip.xvid.etrg.torrent
    2013-12-24 13:35 - 2013-12-24 13:35 - 00014163 _____ C:\Users\Derek\Downloads\[kickass.to]toy.story.3.2010.720p.brrip.x264.650mb.yify.torrent
    2013-12-24 13:34 - 2013-12-24 13:34 - 00014828 _____ C:\Users\Derek\Downloads\[kickass.to]tangled.2010.brrip.xvid.1337x.noir.torrent
    2013-12-23 20:15 - 2013-12-23 20:15 - 00397550 _____ C:\Users\Derek\Downloads\[kickass.to]disney.movies.2000.2008.torrent
    2013-12-23 20:05 - 2013-12-23 20:05 - 00014095 _____ C:\Users\Derek\Downloads\[kickass.to]cars.2.2011.720p.brrip.x264.700mb.yify.torrent
    2013-12-23 20:05 - 2013-12-23 20:05 - 00013023 _____ C:\Users\Derek\Downloads\[kickass.to]cars.2006.720p.brrip.x264.600mb.yify.torrent
    2013-12-23 20:04 - 2013-12-23 20:04 - 00056719 _____ C:\Users\Derek\Downloads\[kickass.to]bolt.2008.dvdrip.axxo.torrent
    2013-12-23 20:01 - 2013-12-23 20:01 - 00014619 _____ C:\Users\Derek\Downloads\[kickass.to]up.pixar.2009.dvd.rip.nlx.torrent
    2013-12-23 19:51 - 2013-12-23 19:51 - 00008989 _____ C:\Users\Derek\Downloads\[kickass.to]monsters.university.2013.720p.brrip.x264.yify.torrent
    2013-12-23 19:48 - 2013-12-23 19:48 - 00029287 _____ C:\Users\Derek\Downloads\[kickass.to]wreck.it.ralph.2012.dvdrip.xvid.rips.torrent
    2013-12-23 19:35 - 2013-12-23 19:35 - 00028980 _____ C:\Users\Derek\Downloads\[kickass.to]frankenweenie.2012.dvdrip.xvid.cocain.torrent
    2013-12-23 19:33 - 2013-12-23 19:33 - 00023800 _____ C:\Users\Derek\Downloads\[kickass.to]brave.2012.r5.dvdrip.xvid.line.unique.torrent
    2013-12-23 19:32 - 2013-12-23 19:32 - 00056821 _____ C:\Users\Derek\Downloads\[kickass.to]the.brave.little.toaster.1987.internal.dvdrip.xvid.exvidint.torrent
    2013-12-22 20:10 - 2013-12-22 20:10 - 00493089 _____ C:\Users\Derek\Downloads\[kickass.to]disney.movies.torrent
    2013-12-19 19:53 - 2013-12-19 19:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-12-17 23:39 - 2013-12-17 23:39 - 00087282 _____ C:\Users\Derek\Downloads\iem-addons-master.torrent
    2013-12-17 20:10 - 2013-12-17 20:10 - 00125849 _____ C:\Users\Derek\Downloads\[kickass.to]ufc.fight.night.hunt.vs.bigfoot.6th.dec.2013.hdtv.x264.sir.paul.torrent
    2013-12-17 19:59 - 2013-12-18 14:03 - 00000000 ____D C:\Users\Derek\Desktop\iPwn Email Template
    2013-12-17 19:00 - 2013-12-17 19:00 - 00000000 ____D C:\Users\Derek\Downloads\themeforest-265475-karma-clean-modern-corporate-email-template (1)
    2013-12-17 18:57 - 2013-12-17 18:57 - 04737027 _____ C:\Users\Derek\Downloads\themeforest-265475-karma-clean-modern-corporate-email-template (1).zip
    2013-12-11 14:42 - 2013-12-11 14:42 - 00008128 _____ C:\Users\Derek\Downloads\PoE Weapon Calculator.rar
    2013-12-10 10:17 - 2013-12-10 10:17 - 00132722 _____ C:\Users\Derek\Downloads\ForumTrading (2).crx
    2013-12-10 10:17 - 2013-12-10 10:17 - 00132722 _____ C:\Users\Derek\Downloads\ForumTrading (2) (1).crx
    2013-12-10 10:02 - 2013-12-10 10:02 - 00305431 _____ C:\Users\Derek\Downloads\EMAILMARKETERv6.1.3 ULTIMATE NULLED.torrent
    2013-12-09 12:08 - 2013-12-09 12:08 - 00132722 _____ C:\Users\Derek\Downloads\ForumTrading.crx
    2013-12-09 12:08 - 2013-12-09 12:08 - 00132722 _____ C:\Users\Derek\Downloads\ForumTrading (1).crx
    2013-12-09 10:52 - 2013-12-09 10:52 - 00947248 _____ C:\Users\Derek\Desktop\affiliate_management.pptx
     
    ==================== One Month Modified Files and Folders =======
     
    2014-01-08 20:28 - 2014-01-08 20:28 - 00000000 ____D C:\FRST
    2014-01-08 18:05 - 2014-01-08 18:05 - 01931770 _____ (Farbar) C:\Users\Derek\Downloads\FRST64.exe
    2014-01-08 18:04 - 2009-07-13 21:13 - 00779724 _____ C:\Windows\System32\PerfStringBackup.INI
    2014-01-08 17:52 - 2012-09-17 17:15 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-01-08 17:46 - 2014-01-03 09:22 - 00000086 _____ C:\Windows\System32\monqqrp.ewo
    2014-01-08 17:30 - 2012-03-07 20:18 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3538211329-2583101196-2556821162-1000UA.job
    2014-01-08 17:12 - 2010-07-25 18:20 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3538211329-2583101196-2556821162-1000UA.job
    2014-01-08 15:56 - 2009-07-13 20:45 - 00013632 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-01-08 15:56 - 2009-07-13 20:45 - 00013632 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-01-08 15:49 - 2011-10-31 09:01 - 00000000 ___RD C:\Users\Derek\Dropbox
    2014-01-08 15:49 - 2011-10-31 08:55 - 00000000 ____D C:\Users\Derek\AppData\Roaming\Dropbox
    2014-01-08 15:48 - 2012-09-17 17:15 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-01-08 15:48 - 2012-08-02 18:31 - 00000332 ____H C:\Windows\Tasks\CodecUpdaterTask{B944554B-F6DE-4E31-A219-19EA848CB7BA}.job
    2014-01-08 15:48 - 2010-03-26 11:55 - 00687390 _____ C:\Windows\PFRO.log
    2014-01-08 15:48 - 2010-03-26 11:37 - 00000000 _____ C:\Windows\System32\Drivers\lvuvc.hs
    2014-01-08 15:48 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2014-01-08 15:48 - 2009-07-13 20:51 - 00070145 _____ C:\Windows\setupact.log
    2014-01-08 15:46 - 2010-03-26 10:24 - 01190317 _____ C:\Windows\WindowsUpdate.log
    2014-01-08 15:11 - 2014-01-03 12:50 - 00024745 _____ C:\Users\Derek\Desktop\dds.txt
    2014-01-08 15:11 - 2014-01-03 12:50 - 00020024 _____ C:\Users\Derek\Desktop\attach.txt
    2014-01-08 15:10 - 2014-01-08 15:09 - 00688992 ____R (Swearware) C:\Users\Derek\Downloads\dds (1).com
    2014-01-08 14:47 - 2011-10-14 14:16 - 00000000 ____D C:\Users\Derek\AppData\Roaming\Spotify
    2014-01-08 14:44 - 2010-03-27 06:36 - 00000000 ____D C:\Users\Derek\AppData\Roaming\Skype
    2014-01-08 14:43 - 2012-03-07 20:18 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3538211329-2583101196-2556821162-1000Core.job
    2014-01-08 14:23 - 2011-10-14 14:16 - 00000000 ____D C:\Users\Derek\AppData\Local\Spotify
    2014-01-08 11:40 - 2014-01-08 11:40 - 00000000 ____D C:\Users\Derek\Downloads\openhardwaremonitor-v0.6.0-beta
    2014-01-08 11:39 - 2014-01-08 11:39 - 00526371 _____ C:\Users\Derek\Downloads\openhardwaremonitor-v0.6.0-beta.zip
    2014-01-08 09:52 - 2014-01-08 09:52 - 00000461 _____ C:\Users\Derek\Desktop\micro_continuity.txt
    2014-01-08 09:52 - 2010-04-28 06:33 - 00000000 ____D C:\Users\Derek\AppData\Roaming\FileZilla
    2014-01-08 00:00 - 2010-03-27 09:42 - 00000000 ____D C:\Users\Derek\AppData\Local\Adobe
    2014-01-07 22:12 - 2010-07-25 18:20 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3538211329-2583101196-2556821162-1000Core.job
    2014-01-06 14:37 - 2013-02-27 20:15 - 00001456 _____ C:\Users\Derek\AppData\Local\Adobe Save for Web 13.0 Prefs
    2014-01-06 12:30 - 2010-03-26 14:21 - 00000000 ____D C:\Users\Derek\AppData\Local\Citrix
    2014-01-06 12:16 - 2014-01-06 12:16 - 00000168 _____ C:\Users\Derek\Desktop\colors_messing.txt
    2014-01-06 12:16 - 2014-01-06 12:16 - 00000037 _____ C:\Users\Derek\Desktop\more_colors.txt
    2014-01-06 12:06 - 2014-01-06 10:21 - 00000000 ____D C:\Users\Derek\Desktop\WL_NewDesign
    2014-01-05 17:51 - 2013-07-11 16:15 - 00008152 _____ C:\Users\Derek\Desktop\code_saves2.txt
    2014-01-05 16:56 - 2014-01-05 16:56 - 00000000 ____D C:\Users\Derek\Desktop\legion
    2014-01-04 14:35 - 2014-01-04 14:35 - 00000041 _____ C:\Users\Derek\Desktop\opensans-regular.css
    2014-01-04 14:31 - 2014-01-04 14:31 - 00001198 _____ C:\Users\Derek\Desktop\content.php
    2014-01-04 14:25 - 2014-01-04 14:25 - 00000433 _____ C:\Users\Derek\Desktop\bebas.css
    2014-01-04 14:19 - 2014-01-04 14:19 - 00000000 ____D C:\Users\Derek\Downloads\open-sans-fontfacekit
    2014-01-04 14:16 - 2014-01-04 14:16 - 01850986 _____ C:\Users\Derek\Downloads\open-sans-fontfacekit.zip
    2014-01-03 23:10 - 2014-01-03 19:21 - 28030461 _____ C:\Users\Derek\Desktop\WL_background.psd
    2014-01-03 14:04 - 2014-01-03 14:03 - 140179784 _____ C:\Users\Derek\Downloads\2986-photoshop-brushes.zip
    2014-01-03 13:58 - 2014-01-03 13:58 - 06045331 _____ C:\Users\Derek\Downloads\stroke-icons.zip
    2014-01-03 12:53 - 2014-01-03 12:53 - 00006080 _____ C:\Users\Derek\Desktop\attach.zip
    2014-01-03 12:48 - 2014-01-03 12:47 - 00688992 ____R (Swearware) C:\Users\Derek\Downloads\dds.com
    2014-01-03 12:41 - 2010-03-26 14:21 - 00000000 ____D C:\Users\Derek\AppData\Local\Deployment
    2014-01-03 12:39 - 2014-01-03 12:32 - 00000000 ___SD C:\ComboFix
    2014-01-03 11:38 - 2013-11-05 08:34 - 00000000 ____D C:\Program Files (x86)\Overwolf
    2014-01-03 11:38 - 2010-03-27 09:46 - 00000000 ____D C:\Users\Derek\AppData\Local\Google
    2014-01-03 11:35 - 2013-11-05 08:33 - 00000000 ____D C:\Users\Derek\AppData\Local\Overwolf
    2014-01-03 11:20 - 2014-01-03 10:49 - 00000000 ____D C:\Windows\erdnt
    2014-01-03 11:13 - 2010-03-26 14:21 - 00000000 ____D C:\Users\Derek\AppData\Local\Apps\2.0
    2014-01-03 11:13 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
    2014-01-03 11:11 - 2009-07-13 18:34 - 88080384 _____ C:\Windows\System32\config\software.bak
    2014-01-03 11:11 - 2009-07-13 18:34 - 23855104 _____ C:\Windows\System32\config\system.bak
    2014-01-03 11:11 - 2009-07-13 18:34 - 00524288 _____ C:\Windows\System32\config\default.bak
    2014-01-03 11:11 - 2009-07-13 18:34 - 00262144 _____ C:\Windows\System32\config\security.bak
    2014-01-03 11:11 - 2009-07-13 18:34 - 00262144 _____ C:\Windows\System32\config\sam.bak
    2014-01-03 10:49 - 2014-01-03 10:49 - 00000000 ____D C:\Qoobox
    2014-01-03 10:48 - 2014-01-03 10:48 - 05160282 ____R (Swearware) C:\Users\Derek\Desktop\ComboFix.exe
    2014-01-03 10:47 - 2014-01-03 10:47 - 05160282 _____ (Swearware) C:\Users\Derek\Downloads\ComboFix.exe
    2014-01-03 10:45 - 2014-01-03 10:45 - 01036305 _____ (Thisisu) C:\Users\Derek\Downloads\JRT (1).exe
    2014-01-03 10:45 - 2014-01-03 10:45 - 00005622 _____ C:\Users\Derek\Desktop\JRT.txt
    2014-01-03 10:19 - 2014-01-03 10:19 - 01036305 _____ (Thisisu) C:\Users\Derek\Downloads\JRT.exe
    2014-01-03 10:19 - 2014-01-03 10:19 - 00000000 ____D C:\Windows\ERUNT
    2014-01-03 10:07 - 2014-01-03 10:03 - 00000000 ____D C:\AdwCleaner
    2014-01-03 10:01 - 2014-01-03 10:01 - 01233962 _____ C:\Users\Derek\Downloads\AdwCleaner.exe
    2014-01-03 09:32 - 2014-01-03 09:32 - 00037376 _____ C:\Windows\System32\pbzwpy.cwe
    2014-01-03 09:32 - 2014-01-03 09:22 - 00000099 _____ C:\Windows\System32\sjnfejj.wbk
    2014-01-03 09:22 - 2014-01-03 09:22 - 00000064 _____ C:\Windows\System32\jfaygp.ljh
    2014-01-03 09:00 - 2014-01-03 09:00 - 00219314 ____S C:\Windows\System32\wlifvjg.zri
    2014-01-03 09:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep
    2014-01-01 20:51 - 2014-01-01 20:51 - 00678139 _____ C:\Users\Derek\Desktop\guide_nav_buttons.psd
    2013-12-31 02:22 - 2013-12-31 02:22 - 00274592 _____ C:\Windows\Minidump\123113-21312-01.dmp
    2013-12-31 02:22 - 2012-07-25 20:19 - 761086241 _____ C:\Windows\MEMORY.DMP
    2013-12-31 02:22 - 2010-03-26 14:51 - 00000000 ____D C:\Windows\Minidump
    2013-12-31 02:21 - 2012-12-08 11:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2013-12-30 17:54 - 2013-12-30 17:54 - 00001089 _____ C:\Users\Derek\Desktop\WoW Model Viewer.lnk
    2013-12-30 17:54 - 2013-12-30 17:54 - 00000000 ____D C:\Program Files (x86)\WoWModelViewer
    2013-12-30 17:53 - 2013-12-30 17:53 - 03387258 _____ C:\Users\Derek\Downloads\WMV_Installer_v0706.exe
    2013-12-30 17:52 - 2013-12-30 17:52 - 06876160 _____ C:\Users\Derek\Downloads\WMV_Installer_v0703_Win32.msi
    2013-12-28 15:14 - 2013-08-21 16:19 - 00000000 ____D C:\Users\Derek\AppData\Local\Battle.net
    2013-12-28 14:41 - 2010-08-08 14:49 - 00000000 ____D C:\Users\Derek\Documents\StarCraft II
    2013-12-27 19:13 - 2013-05-19 17:09 - 00000000 ____D C:\Program Files (x86)\Heroes of Newerth
    2013-12-27 18:58 - 2013-12-27 18:58 - 00056951 _____ C:\Users\Derek\Desktop\sensi_tive_menu2.psd
    2013-12-27 12:39 - 2013-12-26 17:49 - 00046109 _____ C:\Users\Derek\Desktop\sensi_tive_menu.psd
    2013-12-27 12:02 - 2010-08-08 14:49 - 00000000 ____D C:\Program Files (x86)\StarCraft II
    2013-12-27 11:25 - 2013-12-27 11:19 - 00001097 _____ C:\Users\Public\Desktop\StarCraft II.lnk
    2013-12-27 11:16 - 2013-12-27 11:16 - 54085656 _____ (Blizzard Entertainment) C:\Users\Derek\Downloads\StarCraft-II-Setup-enUS.exe
    2013-12-27 11:16 - 2013-12-27 11:16 - 54085656 _____ (Blizzard Entertainment) C:\Users\Derek\Downloads\StarCraft-II-Setup-enUS (1).exe
    2013-12-26 16:13 - 2010-10-28 14:15 - 00000000 ____D C:\Program Files (x86)\Steam
    2013-12-26 15:49 - 2013-08-21 16:19 - 00000000 ____D C:\Program Files (x86)\Battle.net
    2013-12-25 10:28 - 2010-03-28 16:23 - 00000000 ____D C:\Users\Derek\AppData\Roaming\uTorrent
    2013-12-24 13:36 - 2013-12-24 13:36 - 00057060 _____ C:\Users\Derek\Downloads\[kickass.to]planes.2013.brrip.xvid.etrg.torrent
    2013-12-24 13:35 - 2013-12-24 13:35 - 00014163 _____ C:\Users\Derek\Downloads\[kickass.to]toy.story.3.2010.720p.brrip.x264.650mb.yify.torrent
    2013-12-24 13:34 - 2013-12-24 13:34 - 00014828 _____ C:\Users\Derek\Downloads\[kickass.to]tangled.2010.brrip.xvid.1337x.noir.torrent
    2013-12-23 20:15 - 2013-12-23 20:15 - 00397550 _____ C:\Users\Derek\Downloads\[kickass.to]disney.movies.2000.2008.torrent
    2013-12-23 20:05 - 2013-12-23 20:05 - 00014095 _____ C:\Users\Derek\Downloads\[kickass.to]cars.2.2011.720p.brrip.x264.700mb.yify.torrent
    2013-12-23 20:05 - 2013-12-23 20:05 - 00013023 _____ C:\Users\Derek\Downloads\[kickass.to]cars.2006.720p.brrip.x264.600mb.yify.torrent
    2013-12-23 20:04 - 2013-12-23 20:04 - 00056719 _____ C:\Users\Derek\Downloads\[kickass.to]bolt.2008.dvdrip.axxo.torrent
    2013-12-23 20:01 - 2013-12-23 20:01 - 00014619 _____ C:\Users\Derek\Downloads\[kickass.to]up.pixar.2009.dvd.rip.nlx.torrent
    2013-12-23 19:51 - 2013-12-23 19:51 - 00008989 _____ C:\Users\Derek\Downloads\[kickass.to]monsters.university.2013.720p.brrip.x264.yify.torrent
    2013-12-23 19:48 - 2013-12-23 19:48 - 00029287 _____ C:\Users\Derek\Downloads\[kickass.to]wreck.it.ralph.2012.dvdrip.xvid.rips.torrent
    2013-12-23 19:35 - 2013-12-23 19:35 - 00028980 _____ C:\Users\Derek\Downloads\[kickass.to]frankenweenie.2012.dvdrip.xvid.cocain.torrent
    2013-12-23 19:33 - 2013-12-23 19:33 - 00023800 _____ C:\Users\Derek\Downloads\[kickass.to]brave.2012.r5.dvdrip.xvid.line.unique.torrent
    2013-12-23 19:32 - 2013-12-23 19:32 - 00056821 _____ C:\Users\Derek\Downloads\[kickass.to]the.brave.little.toaster.1987.internal.dvdrip.xvid.exvidint.torrent
    2013-12-22 20:10 - 2013-12-22 20:10 - 00493089 _____ C:\Users\Derek\Downloads\[kickass.to]disney.movies.torrent
    2013-12-22 03:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2013-12-22 02:45 - 2009-07-13 20:45 - 05238472 _____ C:\Windows\System32\FNTCACHE.DAT
    2013-12-19 19:53 - 2013-12-19 19:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-12-18 14:03 - 2013-12-17 19:59 - 00000000 ____D C:\Users\Derek\Desktop\iPwn Email Template
    2013-12-17 23:39 - 2013-12-17 23:39 - 00087282 _____ C:\Users\Derek\Downloads\iem-addons-master.torrent
    2013-12-17 20:10 - 2013-12-17 20:10 - 00125849 _____ C:\Users\Derek\Downloads\[kickass.to]ufc.fight.night.hunt.vs.bigfoot.6th.dec.2013.hdtv.x264.sir.paul.torrent
    2013-12-17 19:00 - 2013-12-17 19:00 - 00000000 ____D C:\Users\Derek\Downloads\themeforest-265475-karma-clean-modern-corporate-email-template (1)
    2013-12-17 18:57 - 2013-12-17 18:57 - 04737027 _____ C:\Users\Derek\Downloads\themeforest-265475-karma-clean-modern-corporate-email-template (1).zip
    2013-12-11 14:42 - 2013-12-11 14:42 - 00008128 _____ C:\Users\Derek\Downloads\PoE Weapon Calculator.rar
    2013-12-10 10:17 - 2013-12-10 10:17 - 00132722 _____ C:\Users\Derek\Downloads\ForumTrading (2).crx
    2013-12-10 10:17 - 2013-12-10 10:17 - 00132722 _____ C:\Users\Derek\Downloads\ForumTrading (2) (1).crx
    2013-12-10 10:02 - 2013-12-10 10:02 - 00305431 _____ C:\Users\Derek\Downloads\EMAILMARKETERv6.1.3 ULTIMATE NULLED.torrent
    2013-12-09 12:08 - 2013-12-09 12:08 - 00132722 _____ C:\Users\Derek\Downloads\ForumTrading.crx
    2013-12-09 12:08 - 2013-12-09 12:08 - 00132722 _____ C:\Users\Derek\Downloads\ForumTrading (1).crx
    2013-12-09 11:32 - 2013-11-26 10:37 - 00000000 ____D C:\Users\Derek\Desktop\yoo_catalyst_image_sources
    2013-12-09 10:52 - 2013-12-09 10:52 - 00947248 _____ C:\Users\Derek\Desktop\affiliate_management.pptx
     
    ==================== Known DLLs (Whitelisted) ================
     
     
    ==================== Bamital & volsnap Check =================
     
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll
    [2009-07-13 16:00] - [2009-07-13 17:41] - 0510464 ____A (Microsoft Corporation) 04A49367E0875A76216CCFAAB0C1CA4B
     
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
     
    ==================== EXE ASSOCIATION =====================
     
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
     
    ==================== Restore Points  =========================
     
    Restore point made on: 2014-01-01 00:36:53
    Restore point made on: 2014-01-03 00:45:32
    Restore point made on: 2014-01-03 11:37:08
     
    ==================== Memory info =========================== 
     
    Percentage of memory in use: 10%
    Total physical RAM: 8183.05 MB
    Available physical RAM: 7337.09 MB
    Total Pagefile: 8181.2 MB
    Available Pagefile: 7329.47 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.87 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:465.66 GB) (Free:75.74 GB) NTFS
    Drive e: (New Volume) (Fixed) (Total:465.75 GB) (Free:167.84 GB) NTFS
    Drive f: (USB DISK) (Removable) (Total:3.61 GB) (Free:3.6 GB) FAT32
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 17495F38)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
     
    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
    Partition 1: (Not Active) - (Size=4 GB) - (Type=0C)
     
     
    LastRegBack: 2013-12-29 23:22
     
    ==================== End Of Log ============================


    #10 etavares

    etavares

      Bleepin' Remover


    • Malware Response Team
    • 15,514 posts
    • Gender:Male
    • Local time:12:40 PM

    Posted 09 January 2014 - 08:41 PM

    Hello, kero01930.
     
    P2P Warning and Request
    The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow users to share files, as the name suggests. In today's world, cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.
     
    It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall it, please refrain from using it until I let you know your computer is clean.
     
     
     
    Step 1
     
    Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt.
     

    HKU\Derek\...\Run: [AdobeBridge] - [x]
    2014-01-03 09:32 - 2014-01-03 09:32 - 00037376 _____ C:\Windows\System32\pbzwpy.cwe
    2014-01-03 09:22 - 2014-01-08 17:46 - 00000086 _____ C:\Windows\System32\monqqrp.ewo
    2014-01-03 09:22 - 2014-01-03 09:32 - 00000099 _____ C:\Windows\System32\sjnfejj.wbk
    2014-01-03 09:22 - 2014-01-03 09:22 - 00000064 _____ C:\Windows\System32\jfaygp.ljh
    2014-01-03 09:00 - 2014-01-03 09:00 - 00219314 ____S C:\Windows\System32\wlifvjg.zri
     
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
     
    On Vista or Windows 7: Now please enter System Recovery Options.
     
    On Windows XP: Now please boot into the PE (Preinstallation Environment) disk.
     
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will generate a log on the flash drive (Fixlog.txt); please post it in your reply.
     
     
     
    Step 2
     
    I don't see an antivirus program running on your machine.
  • Download and install an antivirus program, and make sure that you keep it updated
  • New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Two good antivirus programs free for non-commercial home use are Avast! and Avira.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    Note: Avira now includes the Ask.com Toolbar unless you choose not to install it. This means it is pre-checked by default and it is recommended that you uncheck that option during installation.
     
    etavares


    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Unified Network of Instructors and Trusted Eliminators
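The five System32 entries the fixlist above targets can be picked out of the FRST "One Month Created Files and Folders" listing automatically. As an added example (not code from the thread or from FRST), the block below parses that listing's line format, keeps files created directly under System32 that carry an extension no Windows component uses and no publisher string in their version resource, measures how tightly their creation times cluster, and emits the lines in the form FRST accepts in fixlist.txt. The sample lines are copied from the listing posted earlier in this thread; the extension set and the System32-only restriction are assumptions of the example, not FRST behaviour.

```python
import ntpath
import re
from datetime import datetime
from typing import List, NamedTuple

# Constructed sample: lines copied from the FRST "One Month Created Files and Folders"
# listing posted earlier in this thread (in that section the first timestamp is the
# creation time and the second the last-modified time), with a few benign entries
# from the same listing left in so the filter has something to ignore.
SAMPLE_LISTING = r"""
2014-01-08 20:28 - 2014-01-08 20:28 - 00000000 ____D C:\FRST
2014-01-03 10:50 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-03 10:50 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-03 09:32 - 2014-01-03 09:32 - 00037376 _____ C:\Windows\System32\pbzwpy.cwe
2014-01-03 09:22 - 2014-01-08 17:46 - 00000086 _____ C:\Windows\System32\monqqrp.ewo
2014-01-03 09:22 - 2014-01-03 09:32 - 00000099 _____ C:\Windows\System32\sjnfejj.wbk
2014-01-03 09:22 - 2014-01-03 09:22 - 00000064 _____ C:\Windows\System32\jfaygp.ljh
2014-01-03 09:00 - 2014-01-03 09:00 - 00219314 ____S C:\Windows\System32\wlifvjg.zri
2013-12-31 02:22 - 2013-12-31 02:22 - 00274592 _____ C:\Windows\Minidump\123113-21312-01.dmp
"""


class Entry(NamedTuple):
    raw: str            # the listing line exactly as FRST printed it
    created: datetime
    modified: datetime
    size: int
    attrs: str          # FRST attribute flags, e.g. ____D (directory), ____S (system)
    publisher: str      # "" when FRST printed no "(Company)" field, i.e. no version info
    path: str


LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "   # created
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "    # modified
    r"(\d+) ([_A-Z]{5}) "                    # size, attribute flags
    r"(?:\(([^)]*)\) )?"                     # optional "(Publisher) "
    r"(.+)$"                                 # path
)

# Extensions one expects for a file dropped straight into System32 by a legitimate
# installer. This set is an assumption of the example, not something FRST defines.
EXPECTED_SYSTEM32_EXT = {
    ".exe", ".dll", ".sys", ".ocx", ".cpl", ".drv", ".ini", ".dat", ".log",
    ".mui", ".cat", ".inf", ".xml", ".txt", ".bak", ".nls",
}


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


def parse_created_listing(text: str) -> List[Entry]:
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                       # section headers, blanks, anything else
        created, modified, size, attrs, publisher, path = m.groups()
        entries.append(Entry(raw.strip(), _ts(created), _ts(modified),
                             int(size), attrs, publisher or "", path))
    return entries


def is_suspicious(e: Entry) -> bool:
    """The pattern behind the fixlist above: a file (not a folder) created directly
    under System32, carrying an extension Windows components never use and no
    publisher string in its version resource."""
    if "D" in e.attrs:
        return False
    folder, name = ntpath.split(e.path)
    if folder.lower() != r"c:\windows\system32":
        return False
    ext = ntpath.splitext(name)[1].lower()
    return ext not in EXPECTED_SYSTEM32_EXT and not e.publisher


def suspicious_entries(text: str) -> List[Entry]:
    return [e for e in parse_created_listing(text) if is_suspicious(e)]


def creation_span_minutes(entries: List[Entry]) -> int:
    """Minutes between the earliest and latest creation time in the group. Several
    odd files landing within minutes of each other is a stronger signal than any
    one of them on its own."""
    if not entries:
        return 0
    times = [e.created for e in entries]
    return int((max(times) - min(times)).total_seconds() // 60)


def fixlist_lines(entries: List[Entry]) -> List[str]:
    """FRST accepts listing lines verbatim in fixlist.txt (it moves the file on
    the next Fix run), which is exactly what the fixlist above does."""
    return [e.raw for e in entries]


if __name__ == "__main__":
    hits = suspicious_entries(SAMPLE_LISTING)
    print(f"{len(hits)} suspicious System32 entries, created within "
          f"{creation_span_minutes(hits)} minutes of each other:")
    for line in fixlist_lines(hits):
        print("  " + line)
```

On the sample, the filter returns exactly the five files in the fixlist and nothing else, and the cluster check shows they were all created between 09:00 and 09:32 on the morning the original poster's machine restarted. The ComboFix helper binaries in C:\Windows (NIRCMD.exe, sed.exe) are ignored because they sit one level up, which is why the folder test is exact rather than a prefix match.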
     


    #11 kero01930

    kero01930
    • Topic Starter

    • Members
    • 9 posts
    • Local time:10:40 AM

    Posted 09 January 2014 - 09:29 PM

    I did this, and when I rebooted I had a black screen with a mouse. It wouldn't boot into safe mode either. Same result.

     

    I've got a second computer, so here's the fix log:

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-01-2014 01
    Ran by SYSTEM at 2014-01-09 20:14:36 Run:1
    Running from F:\
    Boot Mode: Recovery
    ==============================================
     
    Content of fixlist:
    *****************
    HKU\Derek\...\Run: [AdobeBridge] - [x]
    2014-01-03 09:32 - 2014-01-03 09:32 - 00037376 _____ C:\Windows\System32\pbzwpy.cwe
    2014-01-03 09:22 - 2014-01-08 17:46 - 00000086 _____ C:\Windows\System32\monqqrp.ewo
    2014-01-03 09:22 - 2014-01-03 09:32 - 00000099 _____ C:\Windows\System32\sjnfejj.wbk
    2014-01-03 09:22 - 2014-01-03 09:22 - 00000064 _____ C:\Windows\System32\jfaygp.ljh
    2014-01-03 09:00 - 2014-01-03 09:00 - 00219314 ____S C:\Windows\System32\wlifvjg.zri
    *****************
     
    HKU\Derek\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value deleted successfully.
    C:\Windows\System32\pbzwpy.cwe => Moved successfully.
    C:\Windows\System32\monqqrp.ewo => Moved successfully.
    C:\Windows\System32\sjnfejj.wbk => Moved successfully.
    C:\Windows\System32\jfaygp.ljh => Moved successfully.
    C:\Windows\System32\wlifvjg.zri => Moved successfully.
     
    ==== End of Fixlog ====


    #12 etavares

    etavares

      Bleepin' Remover


    • Malware Response Team
    • 15,514 posts
    • Gender:Male
    • Local time:12:40 PM

    Posted 09 January 2014 - 09:33 PM

    Hi,

     

    Not unexpected. Please launch FRST as before from the flash drive. In the search box, type rpcss.dll and click Search File(s). You'll see a new log named search.txt appear on the flash drive. Please copy/paste the contents here.

     

    -etavares





    #13 kero01930

    kero01930
    • Topic Starter

    • Members
    • 9 posts
    • Local time:10:40 AM

    Posted 09 January 2014 - 09:45 PM

    It took quite a bit to generate the report. Not sure if that's significant.

     

    Here's the search report:

     

    Farbar Recovery Scan Tool (x64) Version: 08-01-2014 01
    Ran by SYSTEM at 2014-01-09 20:37:46
    Running from F:\
    Boot Mode: Recovery
     
    ================== Search: "rpcss.dll" ===================
     
    C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
    [2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027
     
    C:\Windows\System32\rpcss.dll
    [2009-07-13 16:00] - [2009-07-13 17:41] - 0510464 ____A (Microsoft Corporation) 04A49367E0875A76216CCFAAB0C1CA4B
     
    X:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
    [2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027
     
    X:\Windows\System32\rpcss.dll
    [2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027
     
    ====== End Of Search ======


    #14 etavares

    etavares

      Bleepin' Remover


    • Malware Response Team
    • 15,514 posts
    • Gender:Male
    • Local time:12:40 PM

    Posted 10 January 2014 - 06:39 AM

    Hi,

     

    It can take a bit depending on the size of your drive and speed of your computer.  The good news is we have a replacement for the patched file.

     

    Please paste the following text into Notepad and save it as fixlist.txt on your FRST flash drive.

     

    replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll C:\Windows\System32\rpcss.dll

     

    Now reboot into the recovery environment, run FRST as before and click the Fix button. When the fix is done, restart normally and see if the problem still persists.

     

    -etavares


    Edited by etavares, 10 January 2014 - 06:40 AM.
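To show what the search report above reveals, here is an added example (my code, not FRST's or the forum's) that parses the FRST search.txt format and flags a live copy of a system file whose MD5 matches none of the copies kept in the WinSxS component store; the sample input is the rpcss.dll report posted in this thread.

```python
import re
from collections import namedtuple

# Added example (not FRST's own code): parse an FRST search.txt report and flag
# copies of a system file whose MD5 matches no copy in the WinSxS component
# store. Sample input is the rpcss.dll search report posted in this thread.
SEARCH_TXT = r"""
================== Search: "rpcss.dll" ===================
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027
C:\Windows\System32\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0510464 ____A (Microsoft Corporation) 04A49367E0875A76216CCFAAB0C1CA4B
X:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027
X:\Windows\System32\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027
====== End Of Search ======
"""

Entry = namedtuple("Entry", "path size md5")

# One FRST detail line: [created] - [modified] - size attributes (company) MD5
DETAIL = re.compile(r"^\[.+?\] - \[.+?\] - (\d+) \S+ \(.*?\) ([0-9A-Fa-f]{32})$")


def parse_search(text):
    """Pair each detail line with the path line directly above it."""
    lines = [ln.strip() for ln in text.splitlines()]
    entries = []
    for i, line in enumerate(lines):
        m = DETAIL.match(line)
        if m and i > 0 and ":\\" in lines[i - 1]:
            entries.append(Entry(lines[i - 1], int(m.group(1)), m.group(2).upper()))
    return entries


def find_patched_copies(entries):
    """Paths outside WinSxS whose MD5 matches no WinSxS copy of the same file;
    that is what a patched System32 copy looks like (here the size differs too).
    Files with no WinSxS reference copy are not judged."""
    name = lambda e: e.path.rsplit("\\", 1)[-1].lower()
    reference = {}
    for e in entries:
        if "\\winsxs\\" in e.path.lower():
            reference.setdefault(name(e), set()).add(e.md5)
    return [e.path for e in entries
            if "\\winsxs\\" not in e.path.lower()
            and name(e) in reference and e.md5 not in reference[name(e)]]


if __name__ == "__main__":
    for path in find_patched_copies(parse_search(SEARCH_TXT)):
        print("MD5 differs from WinSxS reference:", path)
```

Run against the report above it flags only C:\Windows\System32\rpcss.dll; the X:\ copies belong to the recovery environment and match the store.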




    #15 etavares

    etavares

      Bleepin' Remover


    • Malware Response Team
    • 15,514 posts
    • Gender:Male
    • Local time:12:40 PM

    Posted 14 January 2014 - 05:04 PM

    Still there?







